A method and system allows a user to add content to a displayable content container (e.g., web page) that specifies at least one modifiable portion, where the modifiable portion is served by a server operated by one entity, but provided to the server by a service operated by another entity. The modifiable portion is attributable to the one entity and remaining content in the displayable content container is not editable by the users. Other features, such as user authentication mechanisms, are also described herein.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method in a computer system to authorize a user at a user computer to edit or add content to, at least a user-editable portion of an extensible web page, wherein the extensible web page is served by a web server, but the user-editable portion is served by a user-content hosting server, the method comprising: at the user-content hosting server, determining if a valid token associated with the user has been provided, wherein the user-content hosting server generates valid tokens for users who supply authorized credentials to the web server; wherein the user-content hosting server generates tokens based on requests to edit, or add content to, the user-editable portion of the extensible web page, wherein the request is received from the user computer, wherein the extensible web page is served by the web server, but the user-editable portion is served by the user-content hosting server, wherein the web server is different from, and geographically separated from, the user-content hosting server, and wherein the web server is controlled or operated by a commercial entity different from the user-content hosting server; if a valid token associated with the user has been provided, then receiving and storing at the user-content hosting server edits to, or content added to, the user-editable portion of the extensible web page; and, if a valid token associated with the user has not been provided, then directing the user to be authenticated to the web server before storing at the user-content hosting server edits to, or content added to, the user-editable portion of the extensible web page.
A system allows users to edit parts of a webpage hosted by someone else. A webpage served by a main web server has specific sections that can be changed by users. These editable sections are actually served by a separate "user-content hosting server." When a user wants to edit, their computer sends a request. The user-content hosting server checks for a valid "token" associated with the user. This token proves the user is allowed to make changes. The main web server creates these tokens for users who have logged in successfully. If the token is valid, the user-content hosting server saves the edits. If not, the user is redirected to the main web server to log in before any edits are saved. The main web server and the user-content hosting server are run by different companies and are in different locations.
2. The method of claim 1 wherein the web server is behind a firewall controlled by a business entity, wherein the editable web page includes content editable by trained users associated with the business entity, wherein the trained users have access to the web server behind the firewall, wherein the editable portion is configured to permit untrained users outside the firewall to edit the extensible web page, and wherein the untrained users are unaffiliated with the business entity.
This builds on the previous description, where a user edits a portion of a webpage served by a main web server, with the editable portion served by a separate "user-content hosting server". The main web server is behind a firewall, protecting a business's internal network. Trained employees inside the firewall can edit the whole webpage. However, the editable portion lets outside, untrained users (not affiliated with the business) contribute without needing access to the internal network. The "user-content hosting server" authorizes external user edits, while the main web server protects the business's core content and internal users.
3. The method of claim 1 wherein receiving from the user computer a request to edit, or add content to, the portion of the extensible web page does not include information identifying the user and information identifying the user does not pass to the user-content hosting server.
Expanding on the core user content editing system, when a user requests to edit a portion of the webpage served by the main web server, the request sent to the "user-content hosting server" doesn't include any information that identifies the user. The "user-content hosting server" that handles the editable content never directly receives the user's identity. The system relies solely on the validity of the token to authorize edits, ensuring the main web server handles authentication and no identifying user data is passed to the user-content hosting server, enhancing user privacy and security. The request only contains information about what content is to be changed.
4. The method of claim 1 wherein the token is valid for a time period of less than 24 hours.
This enhancement focuses on the "token" used in the user content editing system. In the described system, a user edits a portion of a webpage served by a main web server, with the editable portion served by a separate "user-content hosting server", and a token is needed to authorize edits. This token is only valid for a short period, specifically less than 24 hours. This limits the window of opportunity for unauthorized use of the token if it's compromised, adding another layer of security. The token expires automatically after a set time.
5. The method of claim 1 wherein the token defines rights for specific users, and wherein the rights include moderator rights and editor rights.
This adds a role-based permission element to the user content editing system. Again, a user edits a portion of a webpage served by a main web server, with the editable portion served by a separate "user-content hosting server", authorized by a token. The token doesn't just grant access, it defines specific rights for users. The token can specify roles like "moderator" with greater power and "editor" with limited abilities. This allows for a controlled content contribution, ensuring only certain people can approve or modify certain content sections based on their assigned rights.
6. The method of claim 1 wherein the web server hosts first and second differing web sites, and wherein a valid token associated with the user to edit a user-editable portion of an extensible web page for the first web site does not permit the user to edit a user-editable portion of an extensible web page for the second web site.
This relates to multiple website usage in the described system for user content editing. A user edits a portion of a webpage served by a main web server, with the editable portion served by a separate "user-content hosting server", authorized by a token. If the main web server hosts two different websites, the token that permits a user to edit part of a webpage on the *first* website will *not* work on the *second* website. Tokens are website-specific, preventing cross-site editing privileges. A user would need separate tokens (credentials) for each site.
7. A user content hosting server computer system configured to serve user-editable portions of an extensible web page and to authorize a user at a user computer to edit or add content to, at least a user-editable portion of an extensible web page that is served by a web server, comprising: a processor configured to: generate valid tokens for users who supply authorized credentials to the web server based on requests from a user computer to edit, or add content to, the user-editable portion of the extensible web page that is served by the web server that is different from, and geographically separated from, the user-content hosting server and is controlled or operated by a commercial entity different from the user-content hosting server; determine if a valid token associated with the user has been provided; if a valid token associated with the user has been provided, then receive and store at the user-content hosting server edits to, or content added to, the user-editable portion of the extensible web page; and if a valid token associated with the user has not been provided, then direct the user to be authenticated to the web server before storing at the user-content hosting server edits to, or content added to, the user-editable portion of the extensible web page.
This describes the "user content hosting server" itself, as a computer system that enables editing. This server serves the editable portions of webpages, and authenticates users wanting to make changes. The server has a processor that does several key things: It creates valid tokens for users who have properly logged into the main web server (which hosts the full webpage). The "user content hosting server" checks if a valid token is presented for editing. If a valid token is presented, the server receives and stores the changes to the editable section. If a valid token isn't presented, it sends the user back to the main web server to log in first. The main web server is separate, in a different location, and run by a different company.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
April 1, 2009
August 20, 2013
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.